Older versions of the Retrospect backup clients let an attacker on the same network recover a working password by brute-forcing a weak password hash

Jun 17, 2015 12:10 GMT

Retrospect, a network backup utility for Mac, Linux, and Windows, has been patched to fix a password hashing weakness that allowed attackers to gain access to a user's backed-up files.

The vulnerability affected only users who protected their backup files with a password, and it would have allowed an attacker to gain access to those files by finding, through brute force, a string whose hash matches the hash of the real password (a so-called hash collision attack).

A weak password hash allowed attackers access to the backed-up information

The attack relies on a design flaw in Retrospect, Inc.'s authentication scheme: the password hash was computed from only certain portions of the password string, so the hash was far weaker than the full password it was supposed to protect.

The attack works by hashing candidate strings until one produces the same hash as the real password. Because only part of the password contributed to the hash, the space of candidates that had to be tried was small enough to exhaust, and any string that shares the hashed portion with the real password is accepted. Strictly speaking this is a brute-force preimage search rather than a collision between two arbitrary inputs, but the effect is the same: the attacker could authenticate to Retrospect clients and access the backup files.

To do this, an attacker needed only access to a network to which Retrospect clients were connected.
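As an added illustration (this is not Retrospect's code, and not the real hashing algorithm, whose details the article does not give), the following Python models a hypothetical scheme in which only the first three characters of the password, folded to lower case, are hashed. It shows why a hash captured on the network then falls to an exhaustive search, and places a salted PBKDF2 check over the full password beside it for contrast. The prefix length, the search alphabet, the iteration count and the sample password are all assumptions made for the example.

```python
import hashlib
import hmac
import itertools
import os
import string
from typing import Dict, Optional

# Hypothetical weak scheme (NOT Retrospect's real algorithm): only a short
# prefix of the password, folded to lower case, is hashed. Everything after
# the prefix, and the case of the prefix, is ignored at authentication time.
WEAK_PREFIX_LEN = 3  # assumed for the example


def weak_hash(password: str) -> bytes:
    effective = password[:WEAK_PREFIX_LEN].lower()
    return hashlib.sha1(effective.encode()).digest()


def weak_authenticate(stored: bytes, attempt: str) -> bool:
    return hmac.compare_digest(stored, weak_hash(attempt))


# Attacker side: given a hash observed on the network, enumerate candidate
# strings until one hashes to the same value. Only the effective portion
# matters, so the search space is tiny compared to the real password.
SEARCH_ALPHABET = string.ascii_lowercase + string.digits  # assumed alphabet


def brute_force(target: bytes, max_len: int = WEAK_PREFIX_LEN) -> Optional[str]:
    for length in range(1, max_len + 1):
        for cand in itertools.product(SEARCH_ALPHABET, repeat=length):
            s = "".join(cand)
            if weak_hash(s) == target:
                return s
    return None


def search_space(alphabet_size: int, max_len: int) -> int:
    """Number of candidates of length 1..max_len over the given alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


# Hardened form: salted PBKDF2-HMAC-SHA256 over the entire password and a
# constant-time comparison, so every character contributes and the search
# has to cover the full password.
PBKDF2_ITERATIONS = 200_000  # assumed work factor


def strong_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def strong_authenticate(stored: bytes, salt: bytes, attempt: str,
                        iterations: int = PBKDF2_ITERATIONS) -> bool:
    return hmac.compare_digest(stored, strong_hash(attempt, salt, iterations))


PRINTABLE_ASCII = 95  # size of the printable ASCII alphabet, for comparison


def demo(real_password: str = "Tr0ub4dor&3") -> Dict[str, object]:
    """Run the attack against the weak scheme and the hardened one."""
    captured = weak_hash(real_password)  # what an on-network attacker sees
    found = brute_force(captured)
    salt = os.urandom(16)
    stored = strong_hash(real_password, salt)
    return {
        "found": found,
        "weak_accepts_found": found is not None and weak_authenticate(captured, found),
        "strong_accepts_found": found is not None and strong_authenticate(stored, salt, found),
        "weak_space": search_space(len(SEARCH_ALPHABET), WEAK_PREFIX_LEN),
        "full_space": search_space(PRINTABLE_ASCII, len(real_password)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With the sample password the search recovers the three-character string "tr0", which the weak check accepts although it is not the real password, while the PBKDF2 check rejects it. The two search-space figures make the point numerically: tens of thousands of candidates for the weak scheme against an astronomically larger count for a full 11-character password over printable ASCII.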

All affected instances have been patched via a series of Retrospect updates

The vulnerability, tracked as CVE-2015-2864, affects all Retrospect clients prior to the fixed releases and has been patched through the release of Retrospect 10.0.2 for Windows, Retrospect Client 10.0.2 for Windows, Retrospect 12.0.2 for Mac, Retrospect Client 12.0.2 for Mac, and Retrospect Client 10.0.2 for Linux.

Since only password-protected backups were affected, Retrospect, Inc. now recommends that customers use its public key authentication method instead; a page with step-by-step instructions has been added to the company's support website.

Josep Pi Rodriguez and Pedro Guillen Nunez demonstrated the attack on the Retrospect client at the Hack in Paris conference in June 2014, while Retrospect was informed of the problem only in late April 2014. A video of their presentation can be seen below.

You can download the latest versions of the Retrospect clients from Softpedia, getting the appropriate version for your operating system: Windows and Mac OS X.
